Supply chain attacks: trusting package installs was always a bold move. We track them so you don't learn the hard way.
https://t.co/GYH0JFqvtz
supplychainattack.org
Joined June 2026
🚨 [New supply chain attack declared]: free-anthropic-claude
free-anthropic-claude is an npm package baiting developers with a "free Anthropic Claude" AI access lure, part of a cluster of fake AI-tool packages (alongside free-claude) now flagged on npm.
Malware was found in it. Any system with it installed or running is fully compromised, with full control possibly handed to an outside entity.
→ Rotate all secrets from a clean machine, remove the package, then audit/reimage
Full details 👇 supplychainattack.org/incident/malwa… #supplychain #supplychainSecurity #infosec #CyberSecurity #npm #freeanthropicclaude #AISecurity #malware #DevSecOps #ThreatIntel #OpenSource
🚨 [New supply chain attack declared]: free-claude
free-claude is an npm package baiting developers with a "free Claude" AI access lure, part of a cluster of fake AI-tool packages (alongside free-anthropic-claude) now flagged on npm.
Malware was found in it (GHSA-7qpf-5pm7-57rh). Any system with it installed or running is fully compromised, with full control possibly handed to an outside entity.
→ Rotate all secrets from a clean machine, remove the package, then audit/reimage
Full details 👇 supplychainattack.org/incident/malwa… #supplychain #supplychainSecurity #infosec #CyberSecurity #npm #freeclaude #AISecurity #malware #DevSecOps #ThreatIntel #OpenSource
🚨 [New supply chain attack declared]: mddriver
mddriver is an npm package presenting itself as a markdown or device driver utility, named to look like a low-level helper and slip into dependency trees unnoticed. Status: active.
Malware was found in it (GHSA-75f4-4w6r-vvch). Any system with it installed or running is fully compromised, with full control granted to an outside entity.
→ Isolate from network, rotate all secrets from a clean machine, remove the package, then audit/reimage
Full details 👇 supplychainattack.org/incident/malwa… #supplychain #supplychainSecurity #infosec #CyberSecurity #npm #mddriver #malware #DevSecOps #AppSec #ThreatIntel #OpenSource
🚨 [New supply chain attack declared]: node-path-utils
node-path-utils is an npm package posing as a Node.js filesystem path utility, named to blend into backend dependency trees and look like a core helper library.
Malware was found in it (GHSA-7qr8-pqwp-95p9). Any system with it installed or running is fully compromised, with full control possibly handed to an outside entity.
→ Isolate from network, rotate all secrets from a clean machine, remove the package, then audit/reimage
Full details 👇 supplychainattack.org/incident/malwa… #supplychain #supplychainSecurity #infosec #CyberSecurity #npm #nodepathutils #malware #DevSecOps #AppSec #ThreatIntel #OpenSource
🚨 [New supply chain attack declared]: eth-util
eth-util is an npm package posing as an Ethereum utility library, named to mimic the well-known ethereumjs-util and lure Web3/blockchain developers into installing it.
Malware was found in it (GHSA-fq6v-3gxv-7rjv). Any system with it installed or running is fully compromised, with full control granted to an outside entity.
→ Isolate from network, rotate all secrets from a clean machine, remove the package, then audit/reimage
Full details 👇 supplychainattack.org/incident/malwa… #supplychain #supplychainSecurity #infosec #CyberSecurity #npm #ethutil #malware #DevSecOps #Web3Security #ThreatIntel #OpenSource
🚨 [New supply chain attack declared]: mongoose-jsonify
mongoose-jsonify is an npm package posing as a Mongoose helper for serializing MongoDB documents to JSON, named to blend into Node.js backend dependency trees.
Malware was found in it (GHSA-6wmf-9mj4-fx3x). Any system with it installed or running is fully compromised, with full control granted to an outside entity.
→ Rotate all secrets from a clean machine, remove the package, then audit/reimage
Full details 👇 supplychainattack.org/incident/malwa… #supplychain #supplychainSecurity #infosec #CyberSecurity #npm #mongoosejsonify #malware #DevSecOps #AppSec #ThreatIntel #OpenSource
🚨 [New supply chain attack declared]: new-ecro
new-ecro is an npm package with a generic, throwaway-style name, part of a cluster of malicious "ecro" packages (alongside ts-big-ecro) now flagged on npm.
Malware was found in it (GHSA-chhh-8532-pg35). Any system with it installed or running is fully compromised, with attackers gaining full control.
→ Rotate all secrets from a clean machine, remove the package, then audit/reimage
Full details 👇 supplychainattack.org/incident/malwa… #supplychain #supplychainSecurity #infosec #CyberSecurity #npm #newecro #malware #DevSecOps #AppSec #ThreatIntel #OpenSource
🚨 [New supply chain attack declared]: flow-lending
flow-lending is an npm package posing as a DeFi lending/Flow-blockchain utility, part of a cluster of malicious "flow" packages (alongside flow-lending-sdk and janus-flow) now flagged on npm.
Malware was found in it (GHSA-pgcr-8w67-72j9). Any system with it installed or running is fully compromised, with full control possibly handed to an outside entity.
→ Isolate from network, rotate all secrets from a clean machine, remove the package, then audit/reimage
Full details 👇 supplychainattack.org/incident/malwa… #supplychain #supplychainSecurity #infosec #CyberSecurity #npm #flowlending #malware #DevSecOps #Web3Security #ThreatIntel #OpenSource
🚨 Alert => [New supply chain attack declared]: vite-config-react
vite-config-react is an npm package posing as a Vite + React config helper, riding on the popularity of the Vite build tool to lure front-end developers into installing it.
Malware was found in it (GHSA-9j99-p89c-pjwq). Any system with it installed or running is fully compromised, with attackers gaining full control.
→ Isolate from network, rotate all secrets and signing keys from a clean machine, remove the package, then audit/reimage
Full details 👇 supplychainattack.org/incident/malwa… #supplychain #supplychainSecurity #infosec #CyberSecurity #npm #viteconfigreact #malware #DevSecOps #AppSec #ThreatIntel #OpenSource
🚨 [New supply chain attack declared]: tailwind-typography-style
tailwind-typography-style is an npm package posing as a Tailwind CSS typography styling helper, riding on Tailwind's popularity to lure front-end developers into installing it.
Malware was found in it (GHSA-xw83-9jhm-jj7j). Any system with it installed or running is fully compromised, with attackers potentially gaining full control.
→ Rotate all secrets from a clean machine, remove the package, then audit/rebuild
Full details 👇 supplychainattack.org/incident/malwa… #supplychain #supplychainSecurity #infosec #CyberSecurity #npm #tailwindtypographystyle #malware #DevSecOps #AppSec #ThreatIntel #OpenSource
🚨 [New supply chain attack declared]: websocket-slot
websocket-slot is an npm package presenting itself as a WebSocket connection/slot management utility for real-time JS apps, named to blend into backend dependency trees.
Malware was found in it (GHSA-27vg-w6vw-2rq8). Any system with it installed or running is fully compromised, with attackers gaining full control.
→ Isolate from network, rotate all secrets from a clean machine, remove the package, then audit/reimage
Full details 👇 supplychainattack.org/incident/malwa… #supplychain #supplychainSecurity #infosec #CyberSecurity #npm #websocketslot #malware #DevSecOps #AppSec #ThreatIntel #OpenSource
🚨 [New supply chain attack declared]: ect-472839
ect-472839 is an npm package with a randomized, throwaway-style name, the kind used in automated malware-flooding campaigns to slip into dependency trees unnoticed.
Malware was found in it (GHSA-6mm4-66fp-hmxv). Any system with it installed or running is fully compromised, with attackers gaining full control.
→ Isolate from network, rotate all secrets from a clean machine, remove the package, then audit/reimage
Full details 👇 supplychainattack.org/incident/malwa… #supplychain #supplychainSecurity #infosec #CyberSecurity #npm #ect472839 #malware #DevSecOps #AppSec #ThreatIntel #OpenSource
🚨 [New supply chain attack declared]: um4r719-baileys
um4r719-baileys is an npm package whose name piggybacks on "baileys" (a popular WhatsApp Web API library), prefixed with a random handle to look like a fork or variant.
Malware was found in it (GHSA-cfvv-rh9x-qqvj). Any system with it installed or running is fully compromised, with attackers gaining full control.
→ Isolate from network, rotate all secrets from a clean machine, remove the package, then audit/reimage
Full details 👇 supplychainattack.org/incident/malwa… #supplychain #supplychainSecurity #infosec #CyberSecurity #npm #baileys #malware #DevSecOps #AppSec #ThreatIntel #OpenSource
🚨 [New supply chain attack declared]: ecto-flag-read-m7p2
ecto-flag-read-m7p2 is an npm package with a randomized, throwaway-style name, part of a cluster of malicious "ecto" packages now flagged on npm.
Malware was found in it (GHSA-ggf2-rhq7-qqgg). Any system with it installed or running is fully compromised, with full control granted to an outside entity.
→ Rotate all secrets from a clean machine, remove the package, then audit/reimage
Full details 👇 supplychainattack.org/incident/malwa… #supplychain #supplychainSecurity #infosec #CyberSecurity #npm #ecto #malware #DevSecOps #AppSec #ThreatIntel #OpenSource
🚨 [New supply chain attack declared]: Atomic Arch (400+ AUR packages hijacked)
On June 11, attackers hijacked over 400 packages in the Arch User Repository (AUR), turning them into a malware delivery network via maintainer account takeovers. Impact is limited to Arch Linux systems.
→ Enable MFA on all AUR maintainer accounts, revoke compromised package versions, restore from known-good sources, and scan Arch systems for IoCs
Full details 👇 supplychainattack.org/incident/400-a… #supplychain #supplychainSecurity #infosec #CyberSecurity #ArchLinux #AUR #AtomicArch #malware #DevSecOps #ThreatIntel #OpenSource
🚨 [New supply chain attack declared]: vite-react-toolkit
vite-react-toolkit is an npm package posing as a Vite + React starter/toolkit, riding on the popularity of the Vite build tool to lure front-end developers into installing it.
Malware was found in it. Any system with it installed or running is fully compromised, with attackers potentially gaining full control.
→ Rotate all secrets from a clean machine, remove the package, then audit/rebuild
Full details 👇 supplychainattack.org/incident/malwa… #supplychain #supplychainSecurity #infosec #CyberSecurity #npm #vitereacttoolkit #malware #DevSecOps #AppSec #ThreatIntel #OpenSource